General

  • Target

    bc1dddf042ec8cadfcd803a03edd23ee_JaffaCakes118

  • Size

    3.4MB

  • Sample

    240618-qf4zvaygnp

  • MD5

    bc1dddf042ec8cadfcd803a03edd23ee

  • SHA1

    22c925291332a1eb102501fc2e5ac93b04d4ce12

  • SHA256

    ad9093633b9ecaeea7bff69ab8d8781213fec82db6c7f2e963a40d2e0ee0e9ce

  • SHA512

    ffbc8fbbf6b76c2d0d672ba0ef94b93e3751850ccfc720f22bd39a84f10b616ca649f55c182d03d7654c729745cea10dd06f24189d6098fbc53a808a0c91ac03

  • SSDEEP

    98304:1AI+ZTAf+MzQSioq96WMb3O6pLve2WX69t6S9IuvT:mtTMZq9666pLvejX06SOuvT

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://92.63.192.72/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry

    T1012 (4)

  • System Information Discovery

    T1082 (4)

Tasks